[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DigiCash Ecash - 2 security topics



At 11:26 1/22/96, Bryce wrote:

>What kind of performance hit does this new encryption entail?
>(No additional performance hit if SSL does it, I know.)

Very little.

>Are you considering having different protocols for SSL-protected
>transactions versus unprotected ones?

It isn't just an issue of SSL vs. unprotected. The new Ecash API that
DigiCash is jointly designing with developers, will support two basic
levels of operation. The first is similar to today's Ecash software. The
client handles the transport. The second just generates the messages. Your
application is responsible for getting them to where they should go.
Presumably securely.

>Let me repeat something I said a couple of weeks ago:  I suspect
>that the weakest point in DigiCash security is on the end-user's
>own harddrive.  A malicious cracker could write a Trojan horse
>or even a virus which would steal the user's coins and send them
>to himself.

Given the amounts likely to be found on a drive, I doubt it would be worth
the effort.


-- Lucky Green <mailto:[email protected]>
   PGP encrypted mail preferred.